Please fill in the form below to subscribe to our blog

The Week in Breach: 03/12/19 – 03/18/19

March 20, 2019

This week, US students hack into school, Canadian alcohol gets held for ransom(ware), New Zealand outdoors retailer is exposed, and data doesn’t expire on the Dark Web.

Dark Web ID Trends:

Top Source Hits: ID Theft Forums (99%) 
Top Compromise Type: 
Domain (99%)
Top Industry: 
Medical & Healthcare
Top Employee Count: 
11 – 50 Employees 



United States – Sizmek
https://www.cbronline.com/news/advertising-platform-sizmek

Exploit: User account takeover
Sizmek: American online advertising platform based in Austin

1.51 – 2.49 = Severe Risk Risk to Small Business: 2.111 = Severe: Security researcher Brian Krebs caught hackers auctioning access to a Sizmek user account on the Dark Web, specifically a Russian-language cybercrime forum. The bidding began at $800 per account. With account access in hand, threat actors are capable of infecting ongoing ad campaigns or siphoning profits from ads in the system. After investigating, Sizmek believes that the account in question was simply a regular user account, without higher level administrator access. Nevertheless, the platform will be forced to upgrade security and deal with a PR nightmare to retain customers and continue to do business.
1.51 – 2.49 = Severe Risk Individual Risk: 2.714 = Severe: Given that the company connects over 20,000 advertisers with 3,600 agencies across 70 countries, such a compromise could have displaced advertising revenue from clients and passed undetected for quite some time. This type of attack poses high risk for Sizmek clients and their end-users, who have the most to lose in the event of breach.

Customers Impacted: To be determined
How it Could Affect Your Customers’ Business: In an ecosystem of evolving B2B2C business models, companies that provide services for business users must acknowledge the possibility and gravity of a cyber-attack. As evidenced by this event, cybercriminals are peddling access to attack vectors that have the potential to cripple businesses on the Dark Web. Partnering with an MSP who can proactively monitor and navigate the inner workings of the Dark Web is crucial to securing small business customers and end users.

ID Agent to the Rescue:  Dark Web ID™ can find out how payment data is being used on the Dark Web, even in the case of a malware attack. We work with MSPs to strengthen their security suite by offering industry-leading detection. Find out more here: https://www.idagent.com/dark-web/ 

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

United States – Delaware Guidance Services
https://www.scmagazine.com/home/security-news/ransomware-attack-pays-off-as-delaware-guidance-services-gives-in-to-criminals

Exploit: Ransomware attack
Delaware Guidance Services: Non-profit that offers mental health services for children, youth, and families

1.51 – 2.49 = Severe Risk Risk to Small Business: 1.666 = Severe: The Delaware-based organization issued letters to 50,000 patients notifying them of a ransomware attack that took place on December 25, 2018. After records were locked by hackers, DGS ended up paying a ransom in exchange for a decryption key to regain access. Although their investigation concluded that no data was compromised, they are offering free credit monitoring and reporting services for one year to those affected.
1.51 – 2.49 = Severe Risk Individual Risk: 2.428 = Severe Personal details including names, addresses, DOBs, SSNs, and medical information was impacted. All members have been advised to review financial and credit reports for any suspicious activity.

Customers Impacted: 50,000 patients
How it Could Affect Your Customers’ Business: The threat of ransomware is increasing at alarming rates, and small businesses must begin to consider the potential impact of an attack on their systems. In the event of breach, management is forced to decide whether to pay the ransom or risk losing access to customer records forever.

ID Agent to the Rescue: Dark Web ID can monitor the Dark Web and find out if your customers’ data has been compromised. We work with MSPs and MSSPs to strengthen their security suite by offering industry-leading detection. Find out more here: https://www.idagent.com/dark-web/ 

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

United States- Orchard View School District
https://www.bleepingcomputer.com/news/security/students-hack-school-system-to-change-grades-and-attendance/

Exploit: Internal data breach
Orchard View School District: A high school district in Muskegon Township, Michigan..

1.51 – 2.49 = Severe Risk Risk to Small Business: 2.223 = Severe: Students allegedly hacked the school’s information system, PowerSchool, and altered grades and attendance records. The school has notified parents of the students who may be responsible and is investigating the incident. However, what data was modified and how access.
2.5 – 3 = Moderate Risk Individual Risk: 2.857 = Moderate Risk Depending on whether a ledger of the previous data was stored or removed, other students could be at risk for having their grades modified. Regardless, the possibility of losing such data can be upsetting for students, to say the least..

Customers Impacted: To be determined
How it Could Affect Your Customers’ Business: Organizations that store important information must remain vigilant for cyber-attacks, especially originating from within. To protect valuable data from getting in the hands of the wrong people, internal systems must be “fool-proofed” by partnering with the right security provider.

ID Agent to the Rescue: With BullPhish ID™, MSPs can provide a more complete picture of a company’s security posture and potential risk, transforming the weakest links of an organization into their strongest points of protection. Find out how you can get started with us here: https://www.idagent.com/bullphish-id

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

Canada – Container World
https://globalnews.ca/news/5045899/container-world-hack/

Exploit: Ransomware attack
Container World: One of the largest supply chain companies for beverages in British Columbia

1.51 – 2.49 = Severe Risk Risk to Small Business: 2.111 = SevereCybercriminals were able to breach business systems at the logistics company, demanding a ransom to restore access. In response, Container World chose not to pay the ransom and acted to protect their systems by shutting down affected systems. All systems were taken offline for over a week as their engineers scrambled to rebuild the IT infrastructure from the ground up. Aside from the hefty costs associated with interruptions to business processes and time spent rebuilding systems, the company may have to answer to disgruntled business customers.
2.5 – 3 = Moderate Risk Individual Risk: 3.0 = Moderate Risk  Although no financial information of customers was accessed, private liquor stores, bars, and restaurants suffered a major disruption to business. For a small mom-and-pop chain, such an incident could be crippling.

Customers Impacted: Undisclosed
How it Could Affect Your Customers’ Business: Understanding the widespread impact that breaches can have in the B2B world is crucial to valuing cybersecurity. A weeklong halt in distribution can create a ripple effect that not only affects current sales, but also future customer loyalty. In a world of increasing options, corporate customers will begin to diversify and move their valuable business elsewhere when they can no longer have faith in their supplier.


ID Agent to the Rescue: Monitoring the Dark Web for stolen credentials is critical for MSPs who want to provide comprehensive security to their customers. BullPhish ID compliments that data with simulated phishing attacks and security awareness training campaigns to educate employees, making them the best defense against cybercrime:  https://www.idagent.com/bullphish-id

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

United Kingdom – FILA
http://www.theregister.co.uk/2019/03/14/fila_uk_hacked/

Exploit: Card-stealing Javascript malware
Emerson Hospital: UK brunch of sportswear brand 

1.51 – 2.49 = Severe Risk Risk to Small Business: 2.0 = Severe: Russian security vendor Group-IB discovered that a malware dubbed GMO was installed into clothing brand’s website for at least the past 4 months. The attacker responsible was able to secretly collect card data entered by customers through the company’s server, researchers reported. However, the company was unable to remove the card-stealing code from their site until very recently. Along with the threat of fines and lawsuits, the business will certainly face customer churn.
1.51 – 2.49 = Severe Risk Individual Risk: 2.428 = Severe Anyone who ordered from the FILA.co.uk website should be contacting their bank and checking their statements. Since the company has yet to issue a statement, it could be months before customers are notified and able to act, potentially putting them at severe risk.

Customers Impacted: An estimated 5,600 cardholders
How it Could Affect Your Customers’ Business:  As the world of e-commerce grows increasingly competitive, especially in the lens of the apparel industry, businesses should know that such a breach can produce catastrophic consequences. Keeping online shoppers on your website is hard enough as-is, and companies must avoid breaches at all costs to retain trust. In order to do so, it becomes a simple matter of enlisting the help of an IT security provider.

ID Agent to the Rescue: Find out why the largest private and public sector organizations globally rely on Dark Web ID to provide actionable stolen credential data and make informed decisions here: https://www.idagent.com/dark-web

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

United Kingdom – Sir John Colfox Academy
http://fortune.com/2019/03/05/chinese-hackers-targeted-27-universities-to-steal-maritime-research-report-finds/

Exploit: Employee phishing breach
Sir John Colfox Academy: Secondary school in Bridport, England

1.51 – 2.49 = Severe Risk Risk to Small Business: 2.111 = Severe: Hackers were able to infect the academy’s computer network after a staff member opened a phishing email that appeared to be from a colleague. Coursework saved in the school’s system was lost, which means that the school will have to determine how to rectify the situation for students and their families. Such an attack can certainly affect future enrollment, as parents may reconsider before sending their kids back to the same school that lost valuable academic information.
2.5 – 3 = Moderate Risk Individual Risk: 2.857 = Moderate: The school announced that it does not store the personal data of staff, students, or parents. Nevertheless, it is still possible that hackers will be able to leverage the information obtained.

Customers Impacted: To be disclosed
How it Could Affect Your Customers’ Business: Hackers have identified company workforce as the path of least resistance when it comes to executing damaging cyber-attacks. In order to prevent further exploits, companies must invest in security solutions that can guard against phishing exploits to protect employees and customers.

ID Agent to the RescueOur newest offering, BullPhish ID, simulates phishing attacks and conducts security awareness training campaigns to educate your employees, making them the best defense against cybercrime. Click the link to get started: https://www.idagent.com/bullphish-id

1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

New Zealand – Kathmandu Holdings Ltd.
https://www.nzx.com/announcements/331882

Exploit: To be determined.
Kathmandu Holdings Limited: Outdoor clothing and equipment retailer.

1.51 – 2.49 = Severe Risk Risk to Small Business: 1.666 = Severe: The company recently learned that an unauthorized party gained access to their website between January 8th and February 12th, compromising the personal information of customers. After hiring cybersecurity consultants, Kathmandu proceeded to reset passwords and notify potentially affected customers. Although it is unclear exactly how this will affect the retailer, a sharp decrease in brand equity and customer loyalty is imminent.
2.5 – 3 = Moderate Risk Individual Risk: 2.714 = Moderate: Everything from billing/shipping names, addresses, email accounts, and phone numbers to payment and loyalty card details was compromised. Customers who have shopped online with the store should immediately begin to contact their financial institution, reset passwords, and monitor their credit reports.

Customers Impacted: To be determined
How it Could Affect Your Customers’ Business: An attack of this scale is not easily forgotten by the victims. Previously loyal customers will likely never return to the website or physical stores, amounting to a sticky situation for business owners. The only way to identify, prevent, and contain vicious cybercrime is to partner with security experts who offer comprehensive solutions.

ID Agent to the Rescue:   Find out why the largest private and public sector organizations globally rely on Dark Web ID to provide actionable stolen credential data and make informed decisions here: https://www.idagent.com/dark-web

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

New Zealand – Christchurch cyber scams
https://www.nzherald.co.nz/business/news/article.cfm?c_id=3&objectid=12213931

Exploit: Dormant email account hack.
Christchurch: Largest city in the South Island of New Zealand that recently suffered from a mass shooting

1.51 – 2.49 = Severe Risk Risk to Small Business: 2.222 = Severe: Government agency CERT NZ warned citizens of opportunistic scams seeking to exploit the recent Christchurch tragedy. These cyber-attacks have taken the form of phishing emails for fake donations, malware-embedded videos, and fraudulent websites. Companies that offer work-from-home policies to employees and operate on networks that unsecured should beware of resulting compromises.
2.5 – 3 = Moderate Risk Individual Risk: 2.428 = Moderate: Individuals can avoid putting themselves at risk by simply exercising basic cybersecurity awareness. However, giving payment information on the wrong website or clicking the wrong video can result in fraud and malware that is difficult to trace.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Businesses that allow employees to use devices outside of secure networks should make cybersecurity training mandatory. Without proper internal and external controls in place, the chances of being breached increase exponentially.

ID Agent to the Rescue:  Designed to protect against human error, Bullphish ID simulates phishing attacks and manages security awareness training campaigns to educate employees, making them the best defense against cybercrime. Learn more here: https://www.idagent.com/bullphish-id 

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


In Other News:

The worst business hacks of all time

If we were to record a time-lapse of data breaches across the world, the result from the last few decades would be quite stunning. All stolen data is not created equal, since records can range from names to fingerprint records, and are sometimes encrypted well. Nevertheless, when SSNs, credit card numbers, or other financial information is involved, customers become increasingly vulnerable to identity theft.

Simultaneously, organizations that are breached must deal with enhanced regulatory scrutiny, customer churn, and settlement fines in the immediate future. But the long-term consequences are even greater. Small businesses that are responsible for compromising the data of their patrons face the threat of diminishing loyalty and ultimate disinterest. As a result, the ROI of cybersecurity investment should be measured in hundreds of thousands.

https://www.bloomberg.com/graphics/corporate-hacks-cyber-attacks/


What We’re Listening To:

Know Tech Talks
The Continuum Podcast
Security Now
Defensive Security Podcast
Small Business, Big Marketing – Australia’s #1 Marketing Show!
IT Provider Network – The Podcast for Growing IT Service
TubbTalk – The Podcast for IT Consultants
Risky Business
Frankly MSP
CHANNELe2e


A note for your customers:

Why data never expires on the Dark Web

In the ongoing slew of mega data breaches, it’s likely that our personal information has been breached and is being auctioned off on the Dark Web. Hackers are not only scooping up more personally identifiable information (PII) than ever before, but also additional information that can be leveraged to conduct damaging fraud. At the same time, we are falling prey to the phenomenon of “data breach fatigue.” Indoctrinated with daily news of compromises, we’re beginning to ignore the possibility of future cyber-attacks.

Simply changing a few passwords is not enough. When a hacker gets his hands on persistent records such as a customer name, SSN, or permanent address, it almost never expires. The only way to survive in this new reality is by protecting employees and customers from identity theft. How can this be accomplished? Investing in identity theft solutions that can detect compromises proactively by monitoring for an organization’s employee and customer data on the Dark Web.

https://www.business2community.com/cybersecurity/theres-no-expiration-date-for-your-data-on-the-dark-web-02179324


 Are you an ID Agent Partner? Feel free to re-use this blog post (in part or in entirety) for your own social media and marketing efforts! Just send an email to [email protected] to let us know!

Not a Partner? Learn more about Dark Web ID™ and the benefits it holds for your Business. Contact us today!